In Part I, Modern Social Engineering - A Vital Component of Pen Testing, Chris Nickerson & Mike Murray adeptly covered the generalities of Social Engineering, and how it is a repeatable process perfect for inclusion in penetration testing. So let’s go a little deeper into crafting these attacks. What are some of the tricks of the verbal trade that make people far more likely to fall prey to those phishing attacks or that fraudulent web site? What tools can I use to test and eventually utilize to attack… er… audit my target organization? This 1-hour webcast dives deeper into the process of Electronic SE (eSE) and offers real-world examples of combining the skills of the social engineer with the toolkit of the ethical hacker.

The entire hour and a half video of the webcast as well as the slide deck are available using the permanent link above.

Interesting topic, interesting examples, yet it would also be of more value added to inform pen-testers or security consultants on the measures to avoid such attacks.I know that awareness is king when it comes to SE, but still real life examples and maybe different approaches can shed more light on other mitigation techniques.